On Tue, 2018-05-29 at 21:00 +0100, Rowland Penny via samba
wrote:> On Tue, 29 May 2018 15:50:44 -0400
> lingpanda101 via samba <samba at lists.samba.org> wrote:
>
> > Hello,
> >
> > I'm developing a script to create a user and pass along all
the
> > necessary unix attributes required. I'm successful except when I
go
> > to increment msSFU30MaxUidNumber or msSFU30MaxGidNumber. I'm not
sure
> > how to use ldbedit to script this process. Any guidance would be
> > great. Thanks.
> >
> > - James
> >
> >
> >
>
> Something like this:
>
> # UPDATE msSFU30MaxUidNumber/msSFU30MaxGidNumber
> # Input : $1 $2
> # $1: what to update (msSFU30MaxUidNumber or msSFU30MaxGidNumber)
> # $2: Next Number
> #
> # Output : Nothing
> _updatemax () {
> echo "Updating $1"
>
> newid="dn:
CN=$domainNETBios,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,$domainDN
> changetype: modify
> replace: $1
> $1: $2"
Actually, you would want to use (something like this, not tested):
changetype: modify
add: $1
$1: $2
delete: $1
$1: $2
This is called a constrained update, and avoids a race where the value
changes between the search and the modify.
That will then be atomic (either succeeds or fails as a whole) on one
DC, but sadly not across the whole domain, which is why it isn't part
of our standard feature-set (we don't like to create tools that have
inherent races).
That just means always run this against one specific DC to be safe.
> echo "${newid}" | $LDBMODIFYBIN -H "$ldbdb" >
/dev/null 2>&1
> if [ $? != 0 ]; then
> echo "Error updating $1 in AD."
> exit 1
> fi
>
> echo "Successfully updated $1 in AD"
> }
>
> Rowland
I hope this helps,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba